Encryption of data on the DHIS2 mobile app?

Hi!
I’ve a question - are the data stored on the Android device encrypted in any way? Are they technically accessible from outside the app (by someone having access to the device)? We have customers with security requirements, and I would like to be able to be transparent with them in that regard.

Thanks,

Martin

3 Likes

Hi @mva,

@marta can shed more light on this… Seen @olatitle and @Knut_Staring had a similar discussion here: Encryption at rest for Tracked Entities on Mobile ….. Let’s wait and hear from them.

Best,
James.

2 Likes

Thanks James for your pointer already. This is somewhat old so I assume related to the “old” Android application, but as you say let’s see what the team can say about it.

3 Likes

Martin,

ANDROAPP-588 and ANDROSDK-3 seem to indicate that local storage encryption has not yet been implemented. There is also no mention of this in the documentation/implementation guide.

On the other hand, I seem to recall Marta saying something about it being in the pipeline - but that’s quite some time ago, and I never inquired about the details.

I’ve forwarded this link to her.

Regards
Calle

4 Likes

Thank you @Calle_Hedberg 🙂

2 Likes

Hi @mva,

> are the data stored on the Android device encrypted in any way?

As Calle pointed out, the database is still not encrypted in the app. The reason is that we are evaluating the impact on the size of the APK and, more importantly, the performance of the app. Its implementation does not depend on the results and is planned for May, latest June, but the approach we take does (i.e. making it optional or having two apps if results are considerably high).

> Are they technically accessible from outside the app (by someone having access to the device)?

Currently, the database is accessible using Chrome://inspect once the user has logged in and even if s/he logs out, as the database is deleted only if they “Reset Conf and Data” or “Delete data”. From 1.2.0 we will block it for the “production” app but leave it in the training apk, as it is useful for debugging.

Let us know if you need further clarification.

Best,
Marta

5 Likes
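
A check an implementer could run to confirm the encryption-at-rest state described in the answer above, as an added example that is not part of the original thread or of the DHIS2 code: it classifies a database file copied from a test device as plaintext SQLite or probably encrypted. It assumes the app database is a standard SQLite file and that an encrypted one would look like random bytes; the function names and sample files are constructed for illustration.

```python
import math
import os
import sqlite3
import tempfile
from collections import Counter

# Every unencrypted SQLite database file starts with these 16 bytes.
SQLITE_MAGIC = b"SQLite format 3\x00"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def classify_db_file(path: str, sample_size: int = 4096) -> str:
    """Return 'plaintext-sqlite', 'likely-encrypted' or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if head.startswith(SQLITE_MAGIC):
        return "plaintext-sqlite"
    # Assumption: encrypted pages are indistinguishable from random bytes,
    # so a large enough sample sits close to 8 bits of entropy per byte.
    if len(head) >= 1024 and shannon_entropy(head) > 7.0:
        return "likely-encrypted"
    return "unknown"


def make_samples(directory: str) -> tuple[str, str]:
    """Constructed inputs: a real SQLite file and a random-byte stand-in."""
    plain = os.path.join(directory, "plain.db")
    conn = sqlite3.connect(plain)
    conn.execute("CREATE TABLE t (id INTEGER PRIMARY KEY, value TEXT)")
    conn.execute("INSERT INTO t (value) VALUES ('constructed sample row')")
    conn.commit()
    conn.close()
    opaque = os.path.join(directory, "opaque.db")
    with open(opaque, "wb") as fh:
        fh.write(os.urandom(4096))  # stands in for an encrypted database
    return plain, opaque


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for sample in make_samples(tmp):
            print(os.path.basename(sample), "->", classify_db_file(sample))
```

A "plaintext-sqlite" result means anyone who can read the file can open it with any SQLite client, which is the exposure the customers' security requirements would need to account for.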

Thank you for the clarification @marta.

2 Likes

Thanks a lot for the complete answer! I think blocking the outside access looks like a good middle ground.

3 Likes